git.rot13.org Git - librfid/blob - src/rfid_layer2_iso14443a.c

   1 /* ISO 14443-3 A anticollision implementation
   2  *
   3  * (C) 2005-2006 by Harald Welte <laforge@gnumonks.org>
   4  *
   5  */
   6
   7 /*
   8  *  This program is free software; you can redistribute it and/or modify
   9  *  it under the terms of the GNU General Public License version 2
  10  *  as published by the Free Software Foundation
  11  *
  12  *  This program is distributed in the hope that it will be useful,
  13  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  *  GNU General Public License for more details.
  16  *
  17  *  You should have received a copy of the GNU General Public License
  18  *  along with this program; if not, write to the Free Software
  19  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  20  */
  21
  22 #include <stdlib.h>
  23 #include <unistd.h>
  24 #include <string.h>
  25 #include <errno.h>
  26 #ifdef  __MINGW32__
  27 #include <windows.h>
  28 #endif/*__MINGW32__*/
  29
  30 #include <librfid/rfid.h>
  31 #include <librfid/rfid_layer2.h>
  32 #include <librfid/rfid_reader.h>
  33 #include <librfid/rfid_layer2_iso14443a.h>
  34 #include <librfid/rfid_protocol.h>
  35
  36 #define TIMEOUT 1236
  37
  38 unsigned long randctx[4]={0x22d4a017,0x773a1f44,0xc39e1460,0x9cde8801};
  39
  40 /* Transceive a 7-bit short frame */
  41 int
  42 iso14443a_transceive_sf(struct rfid_layer2_handle *handle,
  43                          unsigned char cmd,
  44                          struct iso14443a_atqa *atqa)
  45 {
  46         struct rfid_reader *rdr = handle->rh->reader;
  47
  48         return rdr->iso14443a.transceive_sf(handle->rh, cmd, atqa);
  49 }
  50
  51 /* Transmit an anticollission bit frame */
  52 static int
  53 iso14443a_transceive_acf(struct rfid_layer2_handle *handle,
  54                          struct iso14443a_anticol_cmd *acf,
  55                          unsigned int *bit_of_col)
  56 {
  57         struct rfid_reader *rdr = handle->rh->reader;
  58
  59         return rdr->iso14443a.transceive_acf(handle->rh, acf, bit_of_col);
  60 }
  61
  62 /* Transmit a regular frame */
  63 static int
  64 iso14443a_transceive(struct rfid_layer2_handle *handle,
  65                      enum rfid_frametype frametype,
  66                         const unsigned char *tx_buf, unsigned int tx_len,
  67                         unsigned char *rx_buf, unsigned int *rx_len,
  68                         u_int64_t timeout, unsigned int flags)
  69 {
  70         return handle->rh->reader->transceive(handle->rh, frametype, tx_buf,
  71                                         tx_len, rx_buf, rx_len, timeout, flags);
  72 }
  73
  74 static int
  75 iso14443a_code_nvb_bits(unsigned char *nvb, unsigned int bits)
  76 {
  77         unsigned int byte_count = bits / 8;
  78         unsigned int bit_count = bits % 8;
  79
  80         if (byte_count < 2 || byte_count > 7)
  81                 return -1;
  82
  83         *nvb = ((byte_count & 0xf) << 4) | bit_count;
  84
  85         return 0;
  86 }
  87
  88 int random_bit(void)
  89 {
  90     unsigned long e;
  91
  92     e = randctx[0];
  93     randctx[0]=randctx[1];
  94     randctx[1]=(randctx[2]<<19) + (randctx[2]>>13) + randctx[3];
  95     randctx[2]=randctx[3] ^ randctx[0];
  96     randctx[3]=e+randctx[1];
  97
  98     return randctx[1]&1;
  99 }
 100
 101 /* first bit is '1', second bit '2' */
 102 static void
 103 rnd_toggle_bit_in_field(unsigned char *bitfield, unsigned int size, unsigned int bit)
 104 {
 105     unsigned int byte,rnd;
 106
 107     if(bit && (bit <= (size*8)) )
 108     {
 109         rnd=random_bit();
 110
 111         DEBUGP("xor'ing bit %u with %u\n",bit,rnd);
 112         bit--;
 113         byte=bit/8;
 114         bit=rnd<<(bit%8);
 115         bitfield[byte] ^= bit;
 116     }
 117 }
 118
 119
 120 static int
 121 iso14443a_anticol(struct rfid_layer2_handle *handle)
 122 {
 123         int ret;
 124         unsigned int uid_size;
 125         struct iso14443a_handle *h = &handle->priv.iso14443a;
 126         struct iso14443a_atqa *atqa = &h->atqa;
 127         struct iso14443a_anticol_cmd acf;
 128         unsigned int bit_of_col;
 129         unsigned char sak[3];
 130         unsigned int rx_len = sizeof(sak);
 131         char *aqptr = (char *) atqa;
 132
 133         memset(handle->uid, 0, sizeof(handle->uid));
 134         memset(sak, 0, sizeof(sak));
 135         memset(atqa, 0, sizeof(&atqa));
 136         memset(&acf, 0, sizeof(acf));
 137
 138         if (handle->flags & RFID_OPT_LAYER2_WUP)
 139                 ret = iso14443a_transceive_sf(handle, ISO14443A_SF_CMD_WUPA, atqa);
 140         else
 141                 ret = iso14443a_transceive_sf(handle, ISO14443A_SF_CMD_REQA, atqa);
 142         if (ret < 0) {
 143                 h->state = ISO14443A_STATE_REQA_SENT;
 144                 DEBUGP("error during transceive_sf: %d\n", ret);
 145                 return ret;
 146         }
 147         h->state = ISO14443A_STATE_ATQA_RCVD;
 148
 149         DEBUGP("ATQA: 0x%02x 0x%02x\n", *aqptr, *(aqptr+1));
 150
 151         if (!atqa->bf_anticol) {
 152                 h->state = ISO14443A_STATE_NO_BITFRAME_ANTICOL;
 153                 DEBUGP("no bitframe anticollission bits set, aborting\n");
 154                 return -1;
 155         }
 156
 157         if (atqa->uid_size == 2 || atqa->uid_size == 3)
 158                 uid_size = 3;
 159         else if (atqa->uid_size == 1)
 160                 uid_size = 2;
 161         else
 162                 uid_size = 1;
 163
 164         acf.sel_code = ISO14443A_AC_SEL_CODE_CL1;
 165
 166         h->state = ISO14443A_STATE_ANTICOL_RUNNING;
 167         h->level = ISO14443A_LEVEL_CL1;
 168
 169 cascade:
 170         rx_len = sizeof(sak);
 171         iso14443a_code_nvb_bits(&acf.nvb, 16);
 172
 173         ret = iso14443a_transceive_acf(handle, &acf, &bit_of_col);
 174         if (ret < 0)
 175                 return ret;
 176
 177         while (bit_of_col != ISO14443A_BITOFCOL_NONE) {
 178                 DEBUGP("collision at pos %u\n", bit_of_col);
 179
 180                 iso14443a_code_nvb_bits(&acf.nvb, bit_of_col);
 181                 rnd_toggle_bit_in_field(acf.uid_bits, sizeof(acf.uid_bits), bit_of_col);
 182                 DEBUGP("acf: nvb=0x%02X uid_bits=%s\n",acf.nvb,rfid_hexdump(acf.uid_bits,sizeof(acf.uid_bits)));
 183                 ret = iso14443a_transceive_acf(handle, &acf, &bit_of_col);
 184                 if (ret < 0)
 185                         return ret;
 186         }
 187
 188         iso14443a_code_nvb_bits(&acf.nvb, 7*8);
 189
 190         ret = iso14443a_transceive(handle, RFID_14443A_FRAME_REGULAR,
 191                                    (unsigned char *)&acf, 7,
 192                                    (unsigned char *) &sak, &rx_len,
 193                                    TIMEOUT, 0);
 194         if (ret < 0)
 195                 return ret;
 196
 197         if (sak[0] & 0x04) {
 198                 /* Cascade bit set, UID not complete */
 199                 switch (acf.sel_code) {
 200                 case ISO14443A_AC_SEL_CODE_CL1:
 201                         /* cascading from CL1 to CL2 */
 202                         if (acf.uid_bits[0] != 0x88) {
 203                                 DEBUGP("Cascade bit set, but UID0 != 0x88\n");
 204                                 return -1;
 205                         }
 206                         memcpy(&handle->uid[0], &acf.uid_bits[1], 3);
 207                         acf.sel_code = ISO14443A_AC_SEL_CODE_CL2;
 208                         h->level = ISO14443A_LEVEL_CL2;
 209                         break;
 210                 case ISO14443A_AC_SEL_CODE_CL2:
 211                         /* cascading from CL2 to CL3 */
 212                         memcpy(&handle->uid[3], &acf.uid_bits[1], 3);
 213                         acf.sel_code = ISO14443A_AC_SEL_CODE_CL3;
 214                         h->level = ISO14443A_LEVEL_CL3;
 215                         break;
 216                 default:
 217                         DEBUGP("cannot cascade any further than CL3\n");
 218                         h->state = ISO14443A_STATE_ERROR;
 219                         return -1;
 220                         break;
 221                 }
 222                 goto cascade;
 223
 224         } else {
 225                 switch (acf.sel_code) {
 226                 case ISO14443A_AC_SEL_CODE_CL1:
 227                         /* single size UID (4 bytes) */
 228                         memcpy(&handle->uid[0], &acf.uid_bits[0], 4);
 229                         break;
 230                 case ISO14443A_AC_SEL_CODE_CL2:
 231                         /* double size UID (7 bytes) */
 232                         memcpy(&handle->uid[3], &acf.uid_bits[0], 4);
 233                         break;
 234                 case ISO14443A_AC_SEL_CODE_CL3:
 235                         /* triple size UID (10 bytes) */
 236                         memcpy(&handle->uid[6], &acf.uid_bits[0], 4);
 237                         break;
 238                 }
 239         }
 240
 241         h->level = ISO14443A_LEVEL_NONE;
 242         h->state = ISO14443A_STATE_SELECTED;
 243
 244         {
 245                 if (uid_size == 1)
 246                         handle->uid_len = 4;
 247                 else if (uid_size == 2)
 248                         handle->uid_len = 7;
 249                 else
 250                         handle->uid_len = 10;
 251
 252                 DEBUGP("UID %s\n", rfid_hexdump(handle->uid, handle->uid_len));
 253         }
 254
 255         if (sak[0] & 0x20) {
 256                 DEBUGP("we have a T=CL compliant PICC\n");
 257                 handle->proto_supported = 1 << RFID_PROTOCOL_TCL;
 258                 h->tcl_capable = 1;
 259         } else {
 260                 DEBUGP("we have a T!=CL PICC\n");
 261                 handle->proto_supported = (1 << RFID_PROTOCOL_MIFARE_UL)|
 262                                           (1 << RFID_PROTOCOL_MIFARE_CLASSIC);
 263                 h->tcl_capable = 0;
 264         }
 265
 266         return 0;
 267 }
 268
 269 static int
 270 iso14443a_hlta(struct rfid_layer2_handle *handle)
 271 {
 272         int ret;
 273         unsigned char tx_buf[2] = { 0x50, 0x00 };
 274         unsigned char rx_buf[10];
 275         unsigned int rx_len = sizeof(rx_buf);
 276
 277         ret = iso14443a_transceive(handle, RFID_14443A_FRAME_REGULAR,
 278                                    tx_buf, sizeof(tx_buf),
 279                                    rx_buf, &rx_len, 1000 /* 1ms */, 0);
 280         if (ret < 0) {
 281                 /* "error" case: we don't get somethng back from the card */
 282                 return 0;
 283         }
 284         return -1;
 285 }
 286
 287 static int
 288 iso14443a_setopt(struct rfid_layer2_handle *handle, int optname,
 289                  const void *optval, unsigned int optlen)
 290 {
 291         int ret = -EINVAL;
 292         struct rfid_reader *rdr = handle->rh->reader;
 293         unsigned int speed;
 294
 295         switch (optname) {
 296         case RFID_OPT_14443A_SPEED_RX:
 297                 if (!rdr->iso14443a.set_speed)
 298                         return -ENOTSUP;
 299                 speed = *(unsigned int *)optval;
 300                 ret = rdr->iso14443a.set_speed(handle->rh, 0, speed);
 301                 break;
 302         case RFID_OPT_14443A_SPEED_TX:
 303                 if (!rdr->iso14443a.set_speed)
 304                         return -ENOTSUP;
 305                 speed = *(unsigned int *)optval;
 306                 ret = rdr->iso14443a.set_speed(handle->rh, 1, speed);
 307                 break;
 308         case RFID_OPT_14443A_WUPA:
 309                 if((unsigned int*)optval)
 310                         handle->flags |= RFID_OPT_LAYER2_WUP;
 311                 else
 312                         handle->flags &= ~RFID_OPT_LAYER2_WUP;
 313                 ret = 0;
 314                 break;
 315         };
 316
 317         return ret;
 318 }
 319
 320 static int
 321 iso14443a_getopt(struct rfid_layer2_handle *handle, int optname,
 322                  void *optval, unsigned int *optlen)
 323 {
 324         int ret = -EINVAL;
 325         struct iso14443a_handle *h = &handle->priv.iso14443a;
 326         struct iso14443a_atqa *atqa = optval;
 327         int *wupa = optval;
 328
 329         switch (optname) {
 330         case RFID_OPT_14443A_ATQA:
 331                 *atqa = h->atqa;
 332                 ret = 0;
 333                 break;
 334         case RFID_OPT_14443A_WUPA:
 335                 *wupa = ((handle->flags & RFID_OPT_LAYER2_WUP) != 0);
 336                 ret = 0;
 337                 break;
 338         };
 339
 340         return ret;
 341 }
 342
 343
 344 static struct rfid_layer2_handle *
 345 iso14443a_init(struct rfid_reader_handle *rh)
 346 {
 347         int ret;
 348         struct rfid_layer2_handle *h = malloc_layer2_handle(sizeof(*h));
 349         if (!h)
 350                 return NULL;
 351
 352         memset(h, 0, sizeof(*h));
 353
 354 #ifdef  __MINGW32__
 355         randctx[0] ^= GetTickCount();
 356 #endif/*__MINGW32__*/
 357         for(ret=0;ret<23;ret++)
 358             random_bit();
 359
 360         h->l2 = &rfid_layer2_iso14443a;
 361         h->rh = rh;
 362         h->priv.iso14443a.state = ISO14443A_STATE_NONE;
 363         h->priv.iso14443a.level = ISO14443A_LEVEL_NONE;
 364
 365         ret = h->rh->reader->iso14443a.init(h->rh);
 366         if (ret < 0) {
 367                 free_layer2_handle(h);
 368                 return NULL;
 369         }
 370
 371         return h;
 372 }
 373
 374 static int
 375 iso14443a_fini(struct rfid_layer2_handle *handle)
 376 {
 377         free_layer2_handle(handle);
 378         return 0;
 379 }
 380
 381
 382 const struct rfid_layer2 rfid_layer2_iso14443a = {
 383         .id     = RFID_LAYER2_ISO14443A,
 384         .name   = "ISO 14443-3 A",
 385         .fn     = {
 386                 .init           = &iso14443a_init,
 387                 .open           = &iso14443a_anticol,
 388                 .transceive     = &iso14443a_transceive,
 389                 .close          = &iso14443a_hlta,
 390                 .fini           = &iso14443a_fini,
 391                 .setopt         = &iso14443a_setopt,
 392                 .getopt         = &iso14443a_getopt,
 393         },
 394 };
 395